    Detecting Bufferbloat

    By Brian Buchalter
    February 11, 2013

    Bufferbloat is a topic which has been gaining broader attention, but is still not widely understood. This post will walk you through the basics of bufferbloat and how to determine if you are the victim of bufferbloat.

    A Brief Synopsis of the Bufferbloat Problem

    The topic of bufferbloat has been explained wide and far, but I’ll add to the conversation too, focusing on brevity. This summary is based on the highly informative and technical talk Bufferbloat: Dark Buffers in the Internet, a Google Tech Talk by Jim Gettys. There is an assumption in the design of TCP that if there is network congestion, there will be timely packet loss. This packet loss triggers well-designed TCP flow control mechanisms which can manage the congestion. Unfortunately, engineers designing consumer-grade routers and modems (as well as all sorts of other equipment) misunderstood or ignored this assumption and, in an effort to prevent packet loss, added large FIFO (first-in-first-out) buffers. If users congest a network chokepoint, typically an outgoing WAN link, the device’s large buffers are filled with packets by TCP and held instead of being dropped. This “bufferbloat” prevents TCP from controlling flow and …


    networking

    Ghost Table Cells in IE9

    By Greg Davidson
    February 8, 2013

    What’s this about ghosts?

    I recently came across an arcane layout issue in my work on a redesigned client site. The problem was specific to Internet Explorer 9 (IE9). The related CSS styles had been well tested and rendered consistently across a variety of browsers including IE7 and 8. Everything was fine and dandy until some new content was introduced into the page for a “Quickview” feature. While all of the other browsers continued to behave and render the page correctly, the layout would break in random and confusing ways in IE9.

    The following screenshots compare the correct layout with an example of the broken layout in IE9.

    Correct grid layout:

    [Screenshot: Correct grid]

    Broken layout in IE9:

    [Screenshot: IE9 ghost cells]

    The Stage

    The following is a list of the factors at work on the page in question:

    • Internet Explorer 9
    • Browser mode: IE9, Document mode: IE9 standards
    • Some content manipulation performed via JavaScript (and jQuery in this case)
    • Lots of table cells

    Debugging

    The page included a list of products. The first “page” of twelve results was shown initially while JavaScript split the rest of the list into several additional pages. Once this JavaScript pagination function was complete, users could cycle …


    browsers css javascript jquery

    Getting started with Heroku

    By Marina Lohova
    February 7, 2013

    It’s becoming increasingly popular to host applications with a nice cloud-based platform like Engine Yard or Heroku.

    Here is a little guide showing how to join the development of a Heroku-based project. In Heroku terms it’s called “collaborating on the project”. The official tutorial does provide answers to most of the questions, but I would like to enhance it with my thoughts and experiences.

    First essential question: how to get your hands on the app source code?

    I wish Heroku provided something like the devcamps service, so you wouldn’t need to experience the hassle of launching the application locally and dealing with the database and system processes needed for development. With Heroku, the code does need to be cloned to the local environment like this:

    $ heroku git:clone --app my_heroku_app

    Second, how to commit the changes?

    I got this error when trying to push to the repository:

    ! Your key with fingerprint xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx is not authorized
    to access my_heroku_app.
    fatal: The remote end hung up unexpectedly

    Turned out I needed to add the new identity to my local machine.

    Also, if you previously had accounts with Heroku with different email …


    cloud hosting

    Install SSL Certificate from Network Solutions on nginx

    By Brian Buchalter
    February 5, 2013

    Despite nginx serving pages for 12.22% of the web’s million busiest sites, Network Solutions does not provide instructions for installing SSL certificates for nginx. This article provides the exact steps for chaining the intermediary certificates for use with nginx.

    Chaining the Certificates

    Unlike Apache, nginx does not allow specification of intermediate certificates in a directive, so we must combine the server certificate, the intermediates, and the root in a single file. The zip file provided from Network Solutions contains a number of certificates, but no instructions on the order in which to chain them together. Network Solutions’ instructions for installing on Apache provide a hint, but let’s make it clear.

    cat your.site.com.crt UTNAddTrustServer_CA.crt NetworkSolutions_CA.crt > chained_your.site.com.crt

    This follows the general convention of “building up” to a trusted “root” authority by appending each intermediary. In this case UTNAddTrustServer_CA.crt is the intermediary while NetworkSolutions_CA.crt is the parent authority. With your certificates now chained together properly, use the usual nginx directives to configure SSL.

    listen                 443;
    ssl …

    hosting tls

    jQuery Performance Tips: Slice, Filter, parentsUntil

    By Steph Skardal
    February 4, 2013

    I recently wrote about working with an intensive jQuery UI interface to emulate highlighting text. During this work, I experimented with and worked with jQuery optimization quite a bit. In the previous blog article, I mentioned that in some cases, the number of DOM elements that I was traversing at times exceeded 44,000, which caused significant performance issues in all browsers. Here are a few things I was reminded of, or learned throughout the project.

    • console.profile, console.time, and the Chrome timeline are all tools that I used during the project to some extent. I typically used console.time the most to identify which methods were taking the most time.
    • Caching elements is a valuable performance tool, as it’s typically faster to run jQuery calls on a cached jQuery selector rather than reselecting the elements. Here’s an example:
      Slower:

          //Later in the code
          $('.items').do_something();

      Faster:

          //On page load
          var cached_items = $('.items');
          //Later in the code
          cached_items.do_something();

      Slower:

          $('.highlighted');

      Faster:

          cached_items.filter('.highlighted');
    

    javascript jquery rails

    How to Apply a Rails Security Patch

    By Brian Buchalter
    January 29, 2013

    With the announcement of CVE-2013-0333, it’s time again to secure your Rails installation. (Didn’t we just do this?) If you are unable to upgrade to the latest, secure release of Rails, this post will help you apply a Rails security patch, using CVE-2013-0333 as an example.

    Fork Rails, Patch

    The CVE-2013-0333 patches so kindly released by Michael Koziarski are intended for folks who have forked the Rails repository. If you are unable to keep up with the latest releases, a forked repo can help you manage divergences and make it easy to apply security patches. Unfortunately, you cannot use wget to download the attached patches directly from Google Groups, so you’ll have to do this in the browser and put the patch into the root of your forked Rails repo. To apply the patch:

    cd $RAILS_FORK_PATH
    git checkout $RAILS_VERSION
    # Download attachment from announcement in browser, sorry no wget!
    git am < $CVE.patch

    You should see the newly committed patch(es) at the HEAD of your branch. Push out to GitHub and then bundle update rails on your servers.

    Patching without Forks

    If you are in the unfortunate case where there have been modifications or patches applied informally outside …


    rails security

    Evading Anti-Virus Detection with Metasploit

    By Brian Buchalter
    January 28, 2013

    This week I attended a free, technical webinar hosted by David Maloney, a Senior Software Engineer on Rapid7’s Metasploit team, where he is responsible for development of core features for the commercial Metasploit editions. The webinar was about evading anti-virus detection and covered topics including:

    • Signatures, heuristics, and sandboxes
    • Single and staged payloads
    • Executable templates
    • Common misconceptions about encoding payloads
    • Dynamically creating executable templates

    After Kaspersky Lab broke news of the “Red October” espionage malware package last week, I thought this would be an interesting topic to learn more about. In the post, Kaspersky is quoted saying, “the attackers managed to stay in the game for over 5 years and evade detection of most antivirus products while continuing to exfiltrate what must be hundreds of terabytes by now.”

    Separating Exploits and Payloads

    Vocabulary in the world of penetration testing may not be familiar to everyone, so let’s go over a few terms you may see.

    • Vulnerability: A bug or design flaw in software that can be exploited to allow unintended behavior
    • Exploit: Software which takes advantage of a vulnerability allowing arbitrary …

    security

    JavaScript-driven Interactive Highlighting

    By Steph Skardal
    January 25, 2013


    An example of highlighted text, by sergis on Flickr

    One project I’ve been involved in for almost two years here at End Point is the H2O project. The Ruby on Rails web application behind H2O serves as a platform for creating, editing, organizing, consuming and sharing course materials that is used by professors and their students.

    One of the most interesting UI elements of this project is the requirement to allow highlighting and annotating text interactively. For example, when one reads a physical textbook for a college course, they may highlight and mark it up in various ways with different colors and add annotated text. They may also highlight a section that is particularly important for an upcoming exam, or they may highlight another section with a different color and notes that may be needed for a paper.

    The H2O project has required support for digitizing interactive highlighting and annotating. Since individual text is not selectable as a DOM element, each word is wrapped into an individual DOM element that is selectable, hoverable, and has DOM properties that we can assign it. For example, we have the following text:

    The cow jumped over the moon.

    Which is manipulated to …


    jquery javascript performance